2 matches found
CVE-2021-24965 Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtbwelcomesetschedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform...
CVE-2021-24965
CVE-2021-24965 affects the WordPress plugin Five Star Restaurant Reservations (versions before 2.4.8). The vulnerability arises in the rtb_welcome_set_schedule AJAX action, where missing capability and CSRF checks, plus insufficient input sanitisation/escaping, allow any authenticated user (down ...